
An Efficient Framework For Enhancing Security In The Cloud Environment


Academic year: 2017


1 K. Prasanthi

1 Department of CSE, Vickram College of Engineering, Srinivas Gardens, Enathi - prashanthi.532@gmail.com, 9677096607

2 K. Senthil

2 Department of CSE, Vickram College of Engineering, Srinivas Gardens, Enathi - senthilk@vickramce.org, 9500925027

ABSTRACT:

Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. Security is considered one of the most critical aspects of a cloud computing environment because of the sensitivity and importance of the information stored in the cloud, and because users' data is accessed remotely on unknown machines over the Internet. As a result, users fear losing control over their data. To overcome this problem, this paper proposes a User Accountability Framework (UAF) to keep track of the actual usage of the user's data in the cloud. To that end, a logging mechanism that includes authentication for each user who accesses the data is provided. Moreover, procedures for keeping the data under the control of the data owner, together with integrity verification, are performed to strengthen the security constraints.

Keywords: Cloud Computing, Security, User Accountability Framework.

1. INTRODUCTION:

Recently, cloud computing has become widely accepted all over the world and is used by most enterprise businesses in order to increase their productivity. Cloud computing promotes availability, zero maintenance and subscription-based service.

The characteristics of cloud computing include broad network access, on-demand self-service, resource pooling, measured service and rapid elasticity. Further, the cloud computing service models are Platform as a Service (PaaS), Software as a Service (SaaS) and Infrastructure as a Service (IaaS). Cloud services are generally made accessible via a community cloud, private cloud, public cloud or hybrid cloud. Table 1 shows the different cloud service models, the services they provide, and their producers and users.

Table 1: Cloud Computing Services


after the deployment will be more complicated, expensive and risky. This paper mainly concentrates on the above-mentioned security concerns of cloud computing and also discusses the integrity issues that arise here. With this in mind, an efficient framework called the User Accountability Framework (UAF) is introduced, which provides accountability, integrity and security for the data stored in the cloud. Accountability is provided by keeping the data usage trackable and transparent. Moreover, one of the main inventive features of the proposed work lies in its ability to handle powerful and lightweight accountability, which combines aspects of usage control, access control and authentication. That is, the data owner can not only track the service level agreements but also impose usage and access control rules as needed. Allied with the accountability feature, two distinct modes are developed for auditing: push mode and pull mode. In push mode, logs are periodically sent to the data owner, while pull mode is an alternative approach whereby the user or some other authorized party can retrieve the logs as needed. Integrity verification is done to verify the correctness of the data.

2. RELATED WORKS

In this section, some of the related works addressing the security and privacy issues of outsourcing data to the cloud are discussed. [Cong Wang et al., 2010] proposed secure and dependable storage services in cloud computing. They propose a flexible distributed storage integrity and auditing mechanism that utilizes homomorphic tokens and distributed erasure-coded data. It allows users to audit the cloud with very lightweight communication and computation cost. This scheme is highly resilient against Byzantine failures, server colluding attacks and malicious data modification attacks. [Qian Wang et al., 2010] proposed a method for enabling public auditability for cloud data storage. That paper utilizes a public-key-based homomorphic authenticator and uniquely integrates it with a random mask technique to achieve a privacy-preserving public auditing system for cloud data storage security. The bilinear aggregate signature is extended to support multiple users at a time. [Smitha Sundareswaran et al., 2012] proposed a novel, highly decentralized information accountability framework to keep track of the actual usage of the users' data in the cloud. In particular, they proposed an object-centered approach that encloses the logging mechanism together with the users' data and policies. They use the programmable capabilities of JAR files both to create a dynamic and traveling object and to ensure that any access to users' data triggers authentication and automated logging local to the JARs. [Kui Ren et al., 2010] focus on ensuring the integrity of data storage in cloud computing, verifying the integrity of dynamic data stored on the cloud. The classic Merkle Hash Tree (MHT) construction is used for block tag authentication, and a bilinear aggregate signature is also included for the multi-user setting.

3. USER ACCOUNTABILITY FRAMEWORK

In this section, we present an overview of the User Accountability Framework and discuss how the framework provides enhanced security. The User Accountability Framework (UAF) proposed in this paper incorporates many techniques for enhancing security in the cloud environment. The framework concentrates on providing proper authentication and encryption for the data stored on the cloud. Log files are generated for tracking the usage of shared data that is outsourced to the cloud. Auditing is performed in two modes, push and pull, to audit the data usage, detect a malicious user and provide more security by blocking that user from accessing the data. The integrity of the data provided by the cloud is also verified to check whether the user outsources the data without proper authorization.


3.1. Accountable Data Storage and Access:

Before the data is stored in the cloud, a check should be made to prove the accountability of the cloud environment. So, in this paper, the details of the cloud users are acquired before they even access the cloud, and a unique key is generated for each cloud user on the basis of the Identity Based Encryption (IBE) mechanism. After acquiring the unique key generated by IBE, the data is outsourced to the cloud. Beforehand, the data has to be encrypted with the generated key at the owner side and is then compressed with the logger. Here, password-based encryption with the MD5 and DES algorithms is used to encrypt the log files. The encrypted data files are then combined with the logger component, compressed as a JAR and stored on the cloud.

In the proposed scalable framework, the outsourced data can be accessed by interested users once they obtain authorization or access permission from the content owner. For that purpose, clients have to prove that they are authorized users by logging on to the data owner and getting the secret key, based on the IBE mechanism. When a client logs on to the data owner, it is mandatory to submit their unique system information and access privilege. Once the authentication succeeds, the user is allowed to access the data enclosed in the JAR. Since the data is encrypted before being compressed as a JAR file, the cloud provider must decrypt the data file and then transfer the contents to the end user. The key required for decryption is sent along with the logger component.

3.2. Logging Mechanism:

As for the logging, each time there is an access to the data, the JAR automatically generates a log record, encrypts it using the public key distributed by the data owner, and stores it along with the data. The conventional RSA (Rivest–Shamir–Adleman) algorithm is used here to encrypt the log file; it uses the unique key generated for each owner. The encryption of the log file prevents unauthorized changes to the file by attackers. Further, the log harmonizer is responsible for auditing. Being the trusted component, the log harmonizer generates the master key. It holds on to the decryption key for the IBE key pair, as it is responsible for decrypting the logs. Alternatively, the decryption can be carried out at the user end if the path between the log harmonizer and the user is not trusted. In this case, the harmonizer sends the key to the client in a secure key exchange.

Log records are generated by the logger component. Logging occurs at any access to the data in the JAR, and new log entries are appended sequentially, in order of creation: Log File = $r_1, \ldots, r_k$. Each record $r_i$ is encrypted individually and appended to the log file. In particular, a log record takes the following form:

$$r_i = \langle ID, Act, T, Loc, h((ID, Act, T, Loc) \mid r_{i-1} \mid \ldots \mid r_1), sig \rangle \qquad (1)$$

Here, $r_i$ indicates that an entity identified by $ID$ has performed an action $Act$ on the user's data at time $T$ at location $Loc$. The component $h((ID, Act, T, Loc) \mid r_{i-1} \mid \ldots \mid r_1)$ corresponds to the checksum of the records preceding the newly inserted one, concatenated with the main content of the record itself (we use $\mid$ to denote concatenation). The component $sig$ denotes the signature of the record created by the server. If more than one file is handled by the same logger, an additional Object ID field is added to each record. The location of the cloud service provider can be determined using the IP address.
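The record form in equation (1) can be exercised with the following added example, which is not code from the paper. It assumes SHA-256 for the checksum h, uses HMAC-SHA256 as a stand-in for the server signature sig, and leaves out the per-record encryption; all function names, the key and the sample accesses are constructed for illustration.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: stand-in for the server's signing key


def encode(obj):
    # Canonical byte encoding so the same record always hashes the same way.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def checksum(content, previous):
    # h((ID, Act, T, Loc) | r_{i-1} | ... | r_1): the record's own content first,
    # then every preceding record, newest to oldest.
    h = hashlib.sha256(encode(content))
    for rec in reversed(previous):
        h.update(b"|" + encode(rec))
    return h.hexdigest()


def sign(content, digest):
    # HMAC-SHA256 stands in for the signature `sig` created by the server.
    return hmac.new(SERVER_KEY, encode([content, digest]), hashlib.sha256).hexdigest()


def append_record(log, ident, act, t, loc):
    content = [ident, act, t, loc]
    digest = checksum(content, log)
    log.append({"content": content, "h": digest, "sig": sign(content, digest)})


def first_invalid(log):
    """Return the index of the first record that fails verification, or None."""
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["h"], checksum(rec["content"], log[:i])):
            return i  # content or an earlier record was changed or removed
        if not hmac.compare_digest(rec["sig"], sign(rec["content"], rec["h"])):
            return i  # checksum was recomputed without the server key
    return None


def build_sample_log():
    # Constructed sample accesses (documentation-range IP addresses).
    log = []
    append_record(log, "alice", "view", "2017-01-05T10:00:00Z", "192.0.2.10")
    append_record(log, "bob", "download", "2017-01-05T10:07:00Z", "198.51.100.7")
    append_record(log, "alice", "view", "2017-01-05T11:30:00Z", "192.0.2.10")
    return log
```

Removing records from the end of the log leaves a shorter chain that still verifies, so the auditor also needs the expected record count or the last checksum seen in an earlier push.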

3.3. Auditing:

As mentioned above, the log harmonizer is responsible for auditing. It supports two auditing strategies: push and pull. Under the push strategy, the log file is pushed back to the data owner periodically in an automated fashion. The pull mode is an on-demand approach, whereby the log file is obtained by the data owner as often as requested. Separating the logging and auditing functions improves performance. The logger and the log harmonizer are both implemented as lightweight and portable JAR files. The JAR file implementation provides automatic logging functions.

4. EXPERIMENT RESULTS


Figure 2. Time Taken for Log File Creation

To check whether the log harmonizer can be a bottleneck, the amount of time required to merge log files is measured. In this analysis, it is ensured that each of the log files had 10 to 25 percent of the records in common with one other. The exact number of records in common was random for each repetition of the experiment. The time was averaged over 15 repetitions. We tested the time to merge up to 60 log files of 100 KB, 200 KB, 300 KB, 400 KB and 500 KB each. The results are shown in Figure 3.

Figure 3. Time Taken for Log Merging

5. CONCLUSION

Cloud computing has raised a range of important privacy and security issues. Such issues are due to the fact that, in the cloud, users' data and applications reside, at least for a certain amount of time, on a cloud cluster that is owned and maintained by a third party. Concerns arise because in the cloud it is not always clear to individuals why their personal information is requested or how it will be used or passed on to other parties. The problem is identified effectively by the literature survey. Hence, an effective user accountability framework is implemented to keep track of the actual usage of the users' data in the cloud. The authorization mechanisms can be used to create an accountable cloud environment. By implementing the logging mechanism, the data will be accessed only under the control of the owner's permission. By verifying integrity, secure data sharing is maintained in the cloud so that the data owner need not fear for its contents. The mechanism also helps protect data sharing against many security attacks.

6. REFERENCES:

[1] Cong Wang and Kui Ren, Jin Li, Wenjing Lou “Toward publicly auditable secure cloud data storage services” IEEE Network July /Aug-2010.

[2] LinLin Wu, Saurabh Kumar Garg and RajKumar Buyya “SLA Based Resource allocation for Software as a service provider in


[5] Jaehong Park and Ravi Sandhu, “Towards usage control models: beyond traditional access control,” In the Proceedings of the seventh ACM symposium on Access control models and technologies (SACMAT ‘02), 2002, pp. 57-64.

[6] Squicciarini, A, Sundareswaran, S. and Dan Lin “Preventing Information Leakage from Indexing in the Cloud,” In the Proceedings
